Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

This quick tutorial will help you get started with key features to help you find the answers you need. You will receive 10 karma points upon successful completion!

I did nearly the same steps to build a custom app (I used the template sample app). I built specific Dashboards for a "normal" User.Everything is working perfectly as long as I leave the role for "search & reporting" in the user group, but if I remove the permission dashboard_role from "search & Reporting", user gets error message http 404.

I want to mention that I have a few apps with role permissions and they work fine. I copied all the capabilities from the standard user role. Additionally, I checked the View permissions, Settings>>User Interface. The view for search is read Everyone.

Can someone help me please,thanks in advance

In the webservice.log, there is the following entry:

WARNING [56829eda99aa94851240] appnav:379 - An unknown view name "dashboards" is referenced in the navigation definition for "Custom_Dashboard_App".
INFO [56829eda99aa94851240] error:129 - Masking the original 404 message: 'Splunk cannot find the "dashboards" view.' with 'Page not found!' for security reasons

People who like this

1 Answer

There are too many features, commands, etc that depend on the search and reporting app for you to just arbitrarily disable it for specific users. Somewhere in the documentation it mentions that ALL USERS MUST have access to the searching & reporting app, but I cant find a link to point you to.

Of course you'll find many people who have "made" this work, but I'm certain they ran into issues they havent mentioned in their threads where the "made" it work.

In short... DO NOT DISABLE THE SEARCH AND REPORTING APPLICATION FOR ANYONE.

Making it invisible also has unintended consequences because you cant just make it invisible to specific users and many of the administrative menus are in the search and reporting app. You could reverse engineer the entire app... looking over all the code to ensure you update file system paths, etc. You'll first end up with duplicate entries in your administrative menus. To fix that you'll have to remove the navigational settings from the app the users can see, but leave the commands in /bin... and then remove the commands from the admin app but leave the navigational & html / view settings etc. It can be done, but it will not be supported by splunk. You'll in effect nullify your support contract not to mention it would ruin any possibility of a "seamless" upgrade path.

It's certainly possible, but it will cause unintended consequences. If you just remove read & write access to a specific role, then users in that specific role will not see it any more. They might also have unintended difficulties such as some commands not working, menus not available etc.